CVE-2025-11200
CRITICALDescription
MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from weak password requirements. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26916.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| lfprojects | mlflow |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-11200? +
How severe is CVE-2025-11200? +
What products are affected by CVE-2025-11200? +
How do I check if I'm vulnerable to CVE-2025-11200? +
Related Vulnerabilities
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After …
No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console …
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through …
KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any …
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain …
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007.